Jaime Chanaga, Field CISO, Fortinet, for Latin America and the Caribbean, gives us seven priorities that CISOs and business leaders must address to reduce the risk of attacks.
In 2021, organizations looked for new ways of doing business. For most organizations, the ability to rapidly implement security platforms that allow their workforce to ‘work safely from anywhere’ was neither easy nor feasible.
The expansion of remote working vastly expanded the corporate attack surface, leaving organizations more exposed than ever to cyberthreats. One of them, ransomware, has put all organizations at greater risk from cybercrime and extortion attacks. Our Fortinet Global Threat Landscape Report shows that ransomware has increased 10.7 times when comparing the first half of 2020 and 2021.
How can CISOs (Chief Information Security Officers) and business leaders respond to these threats? Here are seven priorities for them in Latin America and the Caribbean in 2022:
1. Drive business growth and speed
Today, organizations evolve at an accelerated pace to achieve business objectives, adopting Digital Transformation strategies. In some cases, security is an afterthought or an impediment that slows this evolution. CISOs and business leaders must have a significant impact on the organization’s agility to prosper economically in this new global business reality by securing assets and processes, analyzing risks and preparing contingency plans that help the business achieve its goals.
2. Embrace zero-trust
Today, most organizations do not have a zero-trust strategy (Zero Trust or ZTNA) for access to networks. What is the ZTNA model? ZTNA architecture, frameworks and models are based on validating trust and access for each user and device. The current expansion of the corporate attack surface requires adopting a zero-trust or ZTNA strategy to protect corporate networks, systems and data.
3. Educate your team with new skills
CISOs and business leaders who understand that cybersecurity education is the best tool to mitigate risks are one step ahead of industry practices. They should focus their cybersecurity education efforts on including business partners and customers. Cybersecurity education must combine awareness-raising with the adoption of knowledge and processes as best practices and standards that help organizations prevent and recover from any incident or information leak.
4. Make cloud security a priority
Organizations in Latin America and the Caribbean are driving cloud computing spending at an increasing rate, leaving many organizations with gaps in their professionals’ skills to address cloud risks. CISOs and business leaders should not underestimate the security risks associated with cloud adoption, as security is a shared responsibility between the customer and the cloud provider.
5. Automate security
With the increasing proliferation of cyberattacks conducted with automation and Artificial Intelligence, and Ransomware-as-a-Service (RaaS), organizations are less able than ever to respond to cyberthreats in real time. It is imperative to shorten the time to defend against cyberattacks. Implementing cybersecurity automation processes and tools will ensure that your organization can respond to the largest number of incidents in an agile way, making it more resistant to current and future risks.
6. Invest in OT security right now
Today, manufacturing, oil and gas, electricity generation and distribution, aviation, maritime transportation, railway, utilities and healthcare, among others, use Information Technology that is integral to their business operations. CISOs and business leaders need to address the impact of Operational Technology (OT) security within their organizations. The integration of operational technology into network infrastructures, including emerging technologies such as 5G, is rapidly making operational technology a critical attack surface for organizations.
7. The future is now!
Companies are looking to control their fragmented infrastructure against cybersecurity risks. Organizations need a comprehensive, integrated and automated cybersecurity platform, what Gartner calls a ‘cybersecurity mesh’, that provides centralized management and visibility, supports and interoperates across a vast ecosystem of solutions, and automatically adapts to dynamic changes in the network.
CISOs should also be the trusted advisor on cybersecurity issues, advising, informing and educating other executives in their organization, including the CEO and the organization’s Board of Directors. CISOs must understand and speak the language of business in 2022 and evolve to become leaders who will bring about positive change and contribute to the growth and success of their organizations. CISOs are especially important in the Latin American and Caribbean region to support the development of organizations and the area’s economy.